Based on more than 15 years of experience, we have developed tools, procedures and a strategic methodology to balance operational and security requirements. We know that it is not just about technology and tools, but also about people and processes. We also know that safety must not complicate operations. That is why the result of our work is operability and readiness, not stalled progress.
For the operational environment, we have developed a system that detects and notifies about anomalies, and we have created incident response processes. For this purpose, we have connected the Plant Information Management System (PIMS) and physical security management – i.e., cameras, sensors and access to the workplace (via contactless card) – with the detection of cyber-security events.
The trouble-free operation of the system is regularly reviewed by our Red Team. To further streamline the system, we have introduced workflows with management reporting in the form of key performance indicators.
Asset management and automated testing
For a client with IoT equipment in place, we have created a system for inventory and asset testing.
Through Centimani, we continuously monitor changes in assets. Based on the list of assets, we launched regular automated testing of new firmware and of PLCs, RTUs and HMIs, along with other preventative steps.
The result of our work is an overview of the assets and, in particular, the certainty that a problem, once removed, will not recur in future firmware versions.
One of our clients is an energy company for which we prepared a hacker attack simulation. Our goal was to trigger a massive power outage that would affect about 1.4 million supply points.
We attacked renewable sources of electricity that are outside the company's control but supply energy to its grid. At the same time, we invaded dispatching and also disrupted radio, optical networks and other communication channels. We prepared the simulation from the initial design of the attack method through to the collection of information and technical hypothesis testing.
The result of our work is the implementation of Rolken’s security approach to the energy company’s processes.
Attack simulation on a governmental body
We created a red team. Its task was to gain permanent access to critical information infrastructure components and identify the weakest security spots.
We used three offensive tactics – a combination of social engineering, application testing, and physical penetration.
Security architecture and design
For a new operation, we have created a reference design and security architecture for managing a large cyber-physical system. The goal was to create a design that will withstand future demands for expansion and deployment of IoT elements.
The result of our work is the design and reference implementation that develops a system and applications comprised of thousands of users, industrial robots and sensors.
Soft target detection
For an extensive telecom operator network, we have developed a system that identifies soft targets such as open VNC servers. Our tool has recognized over 20,000 devices. We then sorted them using machine learning that we taught to recognize the screen content and look for potential problems there.
Thanks to our work, the operator could specifically inform customers that their devices are easily vulnerable. At the same time, it has contributed to the effective reduction of security risks for the telecom operator.